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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1-15. (canceled) 

16. (original) A method according to claim 71, further comprising: 
configuring the processor in one of the non-isolated execution mode or the 

isolated execution mode, based on configuration parameters in a configuration storage 

in the processor; 

asserting an isolated access signal by an access generator circuit, based on at 
least one of the configuration parameters and access information in a transaction when 
the processor is configured in the isolated execution mode; and 

generating an isolated bus cycle corresponding to a destination in the transaction 
by a bus cycle decoder, based on the asserted isolated access signal and the access 
information. 

17-45. (canceled) 
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46. (currently amended) A system comprising: 

a processor that supports two or more operating modes with different levels of 
privilege, including a ring 0 operating mode and a higher ring operating mode; 

a chipset commun i cat i v e ly coup l od responsive to the processor, wherein the 
chipset supports communication between the processor and a memory; 

configuration storage within the processor to store configuration parameters 
comprising: 

a first configuration setting to define an isolated memory area within the 
memory; and 

a second configuration setting to switch the processor between an 
isolated execution mode within the ring 0 operating mode and a non-isolated 
execution mode within the ring 0 operating mode; 

an isolated execution circuit within the processor to generate isolated bus cycles 
when the processor executes in the isolated execution mode, wherein the isolated bus 
cycles enable a module to access a resource that is only accessible from the isolated 
execution mode of the ring 0 operating mode; and 

a logical processor counter in the chipset that is updated in a first direction in 
response to a logical processor entry to the isolated execution mode and is updated in 
a second direction in response to a logical processor withdrawal from the isolated 
execution mode. 

47. (original) The system of claim 46, wherein the isolated bus cycles generated 
by the isolated execution circuit comprise: 

a data access cycle; 

a control access cycle; and 

a logical processor access cycle. 



3 



09/538,954 

48. (original) The system of claim 46, wherein the isolated bus cycles generated 
by the isolated execution circuit comprise at least one isolated bus cycle selected from 
the group consisting of: 

a data access cycle; 

a control access cycle; 

and a logical processor access cycle. 

49. (original) The system of claim 48, wherein the isolated execution circuit 
generates the data access cycle in response to a transaction involving a reference to 
the isolated memory area. 

50. (original) The system of claim 48, wherein the isolated execution circuit 
generates the control access cycle in response to a transaction involving an 
input/output reference to an isolated register in a chipset external to the processor. 

51 . (original) The system of claim 48, wherein the isolated execution circuit 
generates the logical processor access cycle in response to a transaction involving one 
of the logical processor entry to the isolated execution mode or the logical processor 
withdrawal from the isolated execution mode. 

52. (original) The system of claim 46, wherein the isolated bus cycles generated 
by the isolated execution circuit comprise an isolated bus cycle that enables access to 
at least one resource selected from the group consisting of: 

the isolated memory area; 
an isolated register; and 
an isolated state. 
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53. (original) The system of claim 46, wherein the first configuration setting to 
define the isolated memory area comprises at least one value selected from the group 
consisting of: 

a mask value; 
a base value; and 
a length value. 

54. (original) The system of claim 46, wherein the first configuration setting to 
define the isolated memory area comprises a mask value, a base value, and a length 
value. 

55. (original) The system of claim 46, further comprising: 

a processor control register within the isolated execution circuit; and 
an execution mode word in the processor control register that is asserted when 
the processor is configured in the isolated execution mode. 

56. (canceled) 

57. (currently amended) The system of claim 46, further comprising: 

an access generator circuit in the isolated execution circuit and coupled to tho 
conf i gurat i on storage , the access generator circuit to generate an isolated access signal 
based on access information in a transaction and at least one of the configuration 
parameters, the isolated access signal being asserted when the processor is configured 
in the isolated execution mode, and 

a bus cycle decoder in the isolated execution circuit and coup le d to the access 
g e n e rator c i rcu i t , the bus cycle decoder to generate an isolated bus cycle 
corresponding to a destination in the transaction based on the access information and 
the asserted isolated access signal. 
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58. (currently amended) An apparatus comprising: 

a processor capable of supporting two or more operating modes with different 
levels of privilege, including a ring 0 operating mode and a higher ring operating mode, 
wherein the processor allows modules executing in ring 0 to access data associated 
with modules executing in the higher ring, but the processor does not allow modules 
executing in the higher ring to access data associated with modules executing in ring 0; 

an isolated execution circuit within the processor that supports bifurcation of the 
ring 0 operating mode into an isolated execution mode and a non-isolated execution 
mode, by allowing the processor to be switched between the isolated execution mode 
and the non-isolated execution mode, and by generating isolated bus cycles when the 
processor executes in the isolated execution mode, wherein the isolated bus cycles 
enable a module to access a resource that is only accessible from the isolated 
execution mode of the ring 0 operating mode; 

a machine accessible medium i n commun i cat i on w i th responsive to the 
processor; and 

instructions encoded in the machine accessible medium, wherein the 
instructions, when executed, cause the processor to perform operations comprising: 

receiving a first configuration setting to define an isolated memory area 
within memory external to the processor; 

receiving a second configuration setting to switch the processor between 
the isolated execution mode within the ring 0 operating mode and the non-isolated 
execution mode within the ring 0 operating mode; 

loading a processor nub into the isolated memory area, using isolated bus 

cycles; and 

loading an operating system nub into the isolated memory area, using 
isolated bus cycles. 
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59. (original) The apparatus of claim 58, wherein the isolated bus cycles 
comprise: 

a data access cycle; 

a control access cycle; and 

a logical processor access cycle. 

60. (original) The apparatus of claim 58, wherein the isolated bus cycles 
comprise at least one isolated bus cycle selected from the group consisting of: 

a data access cycle; 

a control access cycle; and 

a logical processor access cycle. 

61. (original) The apparatus of claim 60, wherein the isolated execution circuit 
generates the data access cycle in response to a transaction involving a reference to 
the isolated memory area. 

62. (original) The apparatus of claim 60, wherein the isolated execution circuit 
generates the control access cycle in response to a transaction involving an 
input/output reference to an isolated register in a chipset external to the processor. 

63. (original) The apparatus of claim 60, wherein the isolated execution circuit 
generates the logical processor access cycle in response to a transaction involving one 
of a logical processor entry to the isolated execution mode or a logical processor 
withdrawal from the isolated execution mode. 

64. (original) The apparatus of claim 58, wherein the isolated bus cycles 
generated by the isolated execution circuit comprise an isolated bus cycle that enables 
access to at least one resource selected from the group consisting of: 

the isolated memory area; 
an isolated register; and 
an isolated state. 
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65. (original) The apparatus of claim 64, wherein the isolated execution circuit 
generates at least one of the isolated bus cycles based on an access type and a 
destination of a transaction. 

66. (original) The apparatus of claim 58, wherein the processor further 
comprises configuration storage to contain memory settings to define the isolated 
memory area. 

67. (original) The apparatus of claim 66, wherein the memory settings comprise 
at least one value selected from the group consisting of: 

a mask value; 
a base value; and 
a length value. 

68. (original) The apparatus of claim 58, wherein the isolated execution circuit 
comprises an address detector to detect if a physical address in a transaction is within 
the isolated memory area. 

69. (original) The apparatus of claim 58, wherein the isolated execution circuit 
comprises a processor control register to contain an execution mode word that is 
asserted when the processor is configured in the isolated execution mode. 

70. (original) The apparatus of claim 58, wherein the isolated execution circuit 
generates an isolated bus cycle based on an access type of a transaction. 
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71. (original) A method comprising: 

receiving, at a processor, a first configuration setting to define an isolated 
memory area within memory external to the processor, wherein: 

the processor supports two or more operating modes with different levels 
of privilege, including a ring 0 operating mode and a higher ring operating mode; 

the processor allows modules that execute in ring 0 to access data 
associated with modules that execute in the higher ring; and 

the processor prevents modules that execute in the higher ring from 
accessing data associated with modules that execute in ring 0; 
receiving, at an isolated execution circuit of the processor, a second 
configuration setting to switch the processor between an isolated execution mode within 
the ring 0 operating mode and a non-isolated execution mode within the ring 0 
operating mode; 

generating isolated bus cycles with the processor executing in the isolated 
execution mode, wherein the isolated bus cycles enable a module to access a resource 
that is only accessible from the isolated execution mode of the ring 0 operating mode; 

loading a processor nub into the isolated memory area, using isolated bus 
cycles; and 

loading an operating system nub into the isolated memory area, using isolated 
bus cycles. 

72. (original) The method of claim 71, further comprising: 
initializing the isolated execution mode, using a processor nub loader; 
loading the processor nub into the isolated memory area, using isolated bus 

cycles; and 

verifying the operating system nub, using the processor nub. 

73. (original) The method of claim 72, further comprising: 

if the operating system nub verifies as good, loading the operating system nub 
into the isolated memory area, using isolated bus cycles. 
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74. (original) The method of claim 71 , further comprising: 
generating platform verification data, based on attributes comprising: 

a platform key; 

the processor nub; and 

the operating system nub. 

75. (original) The method of claim 74, further comprising: 

switching from the isolated execution mode to the non-isolated execution mode; 

and 

loading an operating system kernel into non-isolated memory. 

76. (original) The method of claim 75, further comprising: 

switching from the ring 0 operating mode to the higher ring operating mode; and 
executing an application in the higher ring operating mode. 

77. (original) The method of claim 71, wherein the operation of generating 
isolated bus cycles comprises generating at least one isolated bus cycle selected from 
the group consisting of: 

a data access cycle; 

a control access cycle; and 

a logical processor access cycle. 

78. (original) The method of claim 77, wherein the operation of generating at 
least one isolated bus cycle comprises: 

generating the data access cycle in response to a transaction involving a 
reference to the isolated memory area. 

79. (original) The method of claim 77, wherein the operation of generating at 
least one isolated bus cycle comprises: 

generating the control access cycle in response to a transaction involving an 
input/output reference to an isolated register in a chipset external to the processor. 
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80. (original) The method of claim 77, wherein the operation of generating at 
least one isolated bus cycle comprises: 

generating the logical processor access cycle in response to a transaction 
involving one of a logical processor entry to the isolated execution mode or a logical 
processor withdrawal from the isolated execution mode. 

81 . (original) The method of claim 71 , wherein the operation of generating 
isolated bus cycles comprises generating an isolated bus cycle that enables access to 
at least one resource selected from the group consisting of: 

the isolated memory area; 
an isolated register; and 
an isolated state. 

82. (original) The method of claim 71 , wherein the operation of receiving a first 
configuration setting to define an isolated memory area comprises receiving at least 
one value selected from the group consisting of: 

a mask value; 
a base value; and 
a length value. 

83. (original) The method of claim 71, further comprising: 

asserting an execution mode word in a processor control register within the 
isolated execution circuit when the processor is configured in the isolated execution 
mode. 



li 



09/538,954 

84. (original) A method comprising: 

receiving, at a processor, a first configuration setting to define an isolated 
memory area within memory external to the processor, wherein: 

the processor supports two or more operating modes with different levels 
of privilege, including a ring 0 operating mode and a higher ring operating mode; 

the processor allows modules that execute in ring 0 to access data 
associated with modules that execute in the higher ring; and 

the processor prevents modules that execute in the higher ring from 
accessing data associated with modules that execute in ring 0; 
receiving, at an isolated execution circuit of the processor, a second 
configuration setting to switch the processor between an isolated execution mode within 
the ring 0 operating mode and a non-isolated execution mode within the ring 0 
operating mode; 

generating isolated bus cycles with the processor executing in the isolated 
execution mode, wherein the isolated bus cycles enable a module to access a resource 
that is only accessible from the isolated execution mode of the ring 0 operating mode; 
and 

in response to a logical processor entry to the isolated execution mode, updating 
a logical processor counter in a chipset in a first direction. 

85. (original) The method of claim 84, further comprising: 

in response to a logical processor withdrawal from the isolated execution mode, 
updating the logical processor counter in the chipset in a second direction. 
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